Cyber-Security: A Stochastic Modeling Approach for Security Quantification K. Ruwani M. Fernando & Prof. Chris P. Tsokos
Presentation overview • Introduction • Cyber-Security Analytical Framework • Stochastic Modeling: Discrete-Time & Continuous-Time Markov Chains • Quantitative Security Assessment • Illustration • Conclusions
Introduction • Cyber attacks are becoming more and more sophisticated and complex. • Losses due to such attacks are immense, varying from loss of money and confidential information to damage to reputation. • Therefore, it is extremely important for corporations to have security metrics in order to mitigate security risks. • During its operational lifetime, a system can alternate between different security states, mainly due to attackers' intrusion attempts. • The behavior of an attacker can be described by the transitions between states of the system, where each transition is caused by an attacker's event. • Since both the event and the time at which it occurs are random, the states of a network system and the attacker behavior can be modeled as a stochastic process, which can capture its dynamic behavior.
CYBER SECURITY ANALYTICAL FRAMEWORK Stochastic modeling Model Representation
Discrete-Time Markov Chain • In this study, we assume that the transition probabilities do not depend on time (), which is called the time homogeneity. Thus, . • The Probability Transition Matrix P has its entry as:
Continuous-Time Markov Chain: Infinitesimal Generator • G is not a stochastic matrix: Diagonals are negative. Entries can be greater than 1. Each row sums to zero. Diagonal entries are negative of holding time. Off-diagonal elements are instantaneous transition rates, . • ; Exponential rate of transition from state to state • ; Average time needed to transit from to • ; Average amount of time (sojourn time) spent in each state (holding time) • If transition rates (are available: : The rate that the process leaves state is equal to the sum of the rates from to each of the next states.
ILLUSTRATION 1 (DTMC): SPECIFYING THE MODEL State Space Model Transition Probability Matrix
ILLUSTRATION 1…… • Probability Transition Matrix • Most probable Goal • Most Critical Attack State • Expected Path Length =
ILLUSTRATION II (CTMC): SPECIFYING THE MODEL Attack Progression Model Infinitesimal Generator
ILLUSTRATION II • Transition Intensities estimated from data (G • Mean sojourn times • Transition Probability Function: P(10) • Fundamental Matrix • MTTSF
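The quantities listed for the continuous-time illustration can be reproduced on a small model. The following is an added example, not the presenters' code or data: the four states and the hourly rates are constructed, the function names are hypothetical, and MTTSF is computed as the sum over transient states of expected visits (one row of the fundamental matrix of the embedded jump chain) times mean sojourn time.

```python
# Constructed attack-progression CTMC; rates (per hour) are assumptions, not the presentation's data.
# States 0..3 = Good, Vulnerable, Attacked, Failed (Failed is absorbing: its row is all zeros).
G = [
    [-0.50,  0.50,  0.00, 0.00],
    [ 0.25, -0.50,  0.25, 0.00],
    [ 0.50,  0.00, -1.00, 0.50],
    [ 0.00,  0.00,  0.00, 0.00],
]

def validate_generator(G, tol=1e-12):
    """Generator properties: off-diagonal rates are non-negative and each row sums to zero."""
    for i, row in enumerate(G):
        if any(q < 0 for j, q in enumerate(row) if j != i) or abs(sum(row)) > tol:
            raise ValueError(f"row {i} is not a valid generator row")

def transient_states(G):
    """States with a non-zero exit rate; the rest are absorbing."""
    return [i for i, row in enumerate(G) if row[i] < 0]

def mean_sojourn_times(G):
    """Holding time in state i is exponential with mean 1 / q_i, where q_i = -G[i][i]."""
    return {i: 1.0 / -G[i][i] for i in transient_states(G)}

def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting for the small system A x = b."""
    n = len(b)
    M = [list(A[i]) + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [x - f * y for x, y in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def expected_visits(G, start=0):
    """Row `start` of N = (I - Q)^-1 for the embedded chain, via (I - Q)^T v = e_start."""
    T = transient_states(G)
    Q = [[G[i][j] / -G[i][i] if i != j else 0.0 for j in T] for i in T]
    A = [[(1.0 if r == c else 0.0) - Q[c][r] for c in range(len(T))] for r in range(len(T))]
    return dict(zip(T, solve(A, [1.0 if i == start else 0.0 for i in T])))

def mttsf(G, start=0):
    """Mean time to security failure: expected visits times mean sojourn time, summed."""
    validate_generator(G)
    h, v = mean_sojourn_times(G), expected_visits(G, start)
    return sum(v[i] * h[i] for i in h)
```

With these constructed rates the system spends on average 18 hours in the Good, Vulnerable and Attacked states before reaching Failed, because recovery transitions send it back to Good several times along the way.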
Conclusion • The model presented concentrates on attacks launched remotely through the Internet. • The current model focuses primarily on software vulnerabilities. • Any attack scenario involves four states: breach, strike confidentiality, strike integrity, and strike availability, remarkably similar to the states we present here. • The obtained security measures: the number of steps performed in each attack scenario, the most probable goal, expected path length, Mean Time to Security Failure (MTTSF) • Estimating the transition probabilities, transition rates and holding times has always been the biggest challenge for security assessment.